<?php
// Open (or resume) the session before anything else: User::logIn() below
// stores the authenticated employee's identity in $_SESSION.
session_start();
// function.php is not shown here; the class below calls connectToDB(),
// which is presumably defined in that file.
require_once("function.php");

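/**
 * Employee account operations (login and creation) against the `employee` table.
 *
 * Notes for maintainers:
 *  - Every query is built by string interpolation and relies on
 *    mysql_real_escape_string() plus single-quoted values. That escaping
 *    depends on the connection character set; connectToDB() is not visible
 *    here, so confirm it sets the charset with mysql_set_charset(). The
 *    mysql_* extension is removed in PHP 7+; a port to prepared statements
 *    (mysqli/PDO) has to start in connectToDB().
 *  - Passwords are stored as an unsalted SHA-1 digest, which is not a
 *    password-hashing function. Moving to password_hash()/password_verify()
 *    needs a migration of the stored values, so it is flagged here rather
 *    than changed.
 */
class User
{
	/**
	 * Check an employee number / password pair and, on success, populate the session.
	 *
	 * On success $_SESSION['name'], ['user'] and ['pos'] are set from the
	 * matching row and the session ID is regenerated.
	 *
	 * @param string $username Employee number, matched against employee.Emp_no.
	 * @param string $password Plain-text password as submitted.
	 * @return bool true when exactly one row matches, false otherwise
	 *              (including when the query itself fails).
	 */
	public function logIn($username, $password)
	{
		// The mysql_* calls below take no link argument, so they use the most
		// recently opened connection - presumably the one opened here.
		$con = connectToDB();
		$user = mysql_real_escape_string($username);
		// NOTE(review): the password is escaped *before* it is hashed, so the
		// stored digest is of the escaped text. create() does the same; the
		// order must stay identical in both or existing logins break.
		$pass = sha1(mysql_real_escape_string($password));

		// Only the columns copied into the session are fetched; the password
		// digest is compared in SQL and never pulled back into PHP.
		$result = mysql_query("SELECT Emp_no, First_name, Last_name, Pos FROM employee WHERE Emp_no = '$user' AND Password = '$pass'");

		// mysql_query() returns false on error; treat that as a failed login
		// instead of handing false to mysql_num_rows().
		if ($result === false || mysql_num_rows($result) !== 1) {
			return false;
		}

		$row = mysql_fetch_assoc($result);
		if ($row === false) {
			return false;
		}

		// Issue a fresh session ID at the privilege change so an ID that was
		// known before authentication cannot be reused afterwards (session
		// fixation). Must run before any output has been sent.
		session_regenerate_id(true);

		$_SESSION['name'] = $row['First_name']." ".$row['Last_name'];
		$_SESSION['user'] = $row['Emp_no'];
		$_SESSION['pos'] = $row['Pos'];
		return true;
	}

	/**
	 * Insert a new row into the `employee` table.
	 *
	 * The INSERT has no column list, so the values are positional and must
	 * match the table's column order: employee no, password digest, TIN,
	 * first/middle/last name, birthday, position, branch, branch address,
	 * contact no, and finally DATEDIFF(CURDATE(), birthday)/365 (an
	 * approximate age in years, computed once at insert time).
	 *
	 * No authorization check happens here; callers must decide who is
	 * allowed to create accounts.
	 *
	 * @param string $TIN
	 * @param string $employeeNo Stored first; logIn() matches it as Emp_no.
	 * @param string $firstName
	 * @param string $middleName
	 * @param string $lastName
	 * @param string $contactNo
	 * @param string $birthday   Date string handed to DATEDIFF() - presumably YYYY-MM-DD; confirm against callers.
	 * @param string $position
	 * @param string $branch
	 * @param string $branchAdd
	 * @param string $password   Plain-text password; stored as a SHA-1 digest.
	 * @return void Terminates the script if the INSERT fails.
	 */
	public function create($TIN, $employeeNo, $firstName, $middleName, $lastName, $contactNo, $birthday, $position, $branch, $branchAdd, $password)
	{
		// See logIn(): the queries run on the most recently opened link.
		$conto = connectToDB();
		$TIN = mysql_real_escape_string($TIN);
		$employeeNo = mysql_real_escape_string($employeeNo);
		$firstName = mysql_real_escape_string($firstName);
		$middleName = mysql_real_escape_string($middleName);
		$lastName = mysql_real_escape_string($lastName);
		$contactNo = mysql_real_escape_string($contactNo);
		$birthday = mysql_real_escape_string($birthday);
		$position = mysql_real_escape_string($position);
		$branch = mysql_real_escape_string($branch);
		$branchAdd = mysql_real_escape_string($branchAdd);

		// Escape-then-hash, in the same order as logIn(), so the digests match.
		// NOTE(review): unsalted SHA-1 - plan a migration to password_hash().
		$password = sha1(mysql_real_escape_string($password));

		$result = mysql_query("INSERT INTO employee VALUES('$employeeNo', '$password', '$TIN', '$firstName', '$middleName', '$lastName', '$birthday', '$position', '$branch', '$branchAdd', '$contactNo', DATEDIFF(CURDATE(),'$birthday')/365)");
		if (!$result) {
			// The driver error can echo parts of the statement and the schema;
			// keep it in the server log and show the client a generic message.
			error_log('User::create: INSERT into employee failed: ' . mysql_error());
			die('Invalid query');
		}
	}
}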

?>